11

I am trying to run a development db inside the container instead of my local instance. However, in our local dev db versions we use weak passwords (when db is getting deployed to prod the passwords are strong) so when I try to create a server users inside my container it is complaining about the weak password and deployment of SQL Server Project fails.

Is there a way to turn off strong passwords in SQL Server Container?

AlexanderM
  • 1,613
  • 4
  • 21
  • 35

1 Answers1

12

When creating the Login use CHECK_POLICY = OFF, and then a weak password will be allowed. For example:

CREATE LOGIN SampleLogin WITH PASSWORD = '1', CHECK_POLICY = OFF, CHECK_EXPIRY = OFF;

But, even if it is your Development environment, I still feel you should be creating "good" passwords. Being in Dev/UAT/etc is not an excuse for poor security.

As per comment, if you are using SQL Server 2017+ use CHECK_EXPIRATION

Thom A
  • 88,727
  • 11
  • 45
  • 75
  • We use sql server projects in visual studio. I do not really want to change the user creation code. Is there a way to do it server wide? – AlexanderM Jan 11 '19 at 19:49
  • @AlexanderM ALTER the LOGIN – Ilyes Jan 11 '19 at 19:51
  • Not as far as I know @AlexanderM. It's there for good reason. If you want to avoid it, you need to explicitly do so. You either need to include `CHECK_POLICY`or use "secure" passwords (ones that conform with the policy). – Thom A Jan 11 '19 at 19:52
  • @Larnu, being new member in the company I am not feeling comfortable of doing the change to the "good" passwords at this time. Slowly and surely I am going to try to direct a thoughts of the team on that subject but not today :) – AlexanderM Jan 11 '19 at 19:54
  • Then looks like you're need to change the creation scripts to use `CHECK_POLICY = OFF` @AlexanderM . Those are your 2 options I'm afraid. :) – Thom A Jan 11 '19 at 19:55
  • @AlexanderM How about `ALTER LOGIN LogIn WITH PASSWORD=N'password' , CHECK_POLICY = OFF, CHECK_EXPIRATION = OFF` – Ilyes Jan 11 '19 at 20:03
  • That would require the login being created @Sami (which it won't be, as the password is insecure). – Thom A Jan 11 '19 at 20:13
  • CHECK_EXPIRY doesn't exist as of v2017. – EnzoR Aug 12 '19 at 10:56